As a formost exercise, development tools should not be deployed on production sites. Correspondingly, packaged Drupal 8 stable releases will no longer contain development PHP libraries, because development code is not undertake to be secure.
This only applies to a few optional libraries that are provided with Drupal 8 for development purposes.
To adopt this best practice for your site, do one of the following (depending on how you install Drupal):
If you install Drupal using the stable release packages provided by Drupal.org, update to the next release (8.2.3) as soon as it is available. Be sure to follow the core update instructions, including removing old vendor files. Once updated, your site will no longer include development libraries and no further action will be needed.
If you use a development snapshot on your production site (like 8.2.x-dev), you should either update to a stable release (preferred) or manually remove the dependencies. Remember that development snapshots are not supported for production sites.
If you install your site via Composer, you should update your workflows to ensure you specify -no-dev for your production sites.
Development and continuous integration workflows
If you have a continuous integration workflow or development site that uses these development dependencies, your workflow might be impacted by this change. If you installed from a stable Drupal.org package and need the development dependencies, you have three options:
Install Composer and run composer install --dev,
Use a development snapshot (for example, 8.2.x-dev) instead of a tagged release for your development site, or Install the development dependencies you need manually into Drupal's vendor directory or elsewhere.
However, remember that these development libraries should not be installed on production sites.
For background on this change, see Use "composer install --no-dev" to create tagged core packages. For more information on Composer workflows for Drupal, see Using Composer to manage Drupal site dependencies.